In the Claims:

1. (Currently Amended) A controlled multicast system, comprising:
an Ethernet switch;
a multicast router,
wherein:

the Ethernet switch connects with each of a plurality of hosts in a downlink, and connects
with the multicast router in an uplink,

the multicast router connects with a multicast router of other systems in the uplink,

the Ethernet switch implementing multicast exchange of a layer 2, and

an IGMP V2 protocol is adopted as group management protocol between the Ethernet
switch and the host;

wherein the controlled multicast system further comprises: 

a portal server, connecting with the multicast router and providing an interface of
user access authentication;

an authentication server, storing configuration of privilege for the host which
wants to join in the multicast group;
wherein:

the multicast router and the authentication server are configured to adopt a Client-server
structure by which the authentication server authenticates identification of the host to join
in a multicast group with information inputted through the interface provided by the portal
server, and

the multicast router records a User ID and a vlan ID corresponding to the User ID
of the authenticated host and then distributes control commands according to results of the
authentication to control multicast forwarding operations of the Ethernet switch;

configuration of privilege comprises a corresponding relation between the User
ID of the host and an address of multicast group in which the host wants to join;

the information inputted through the interface provided by the portal server
comprises the User ID and a password;

each port through which the host is connected to the Ethernet switch is a vlan
port;

wherein the authentication server in the system further for, after receiving an
extended RADIUS authentication message from the multicast router, of which attributes include
the User ID as the user name and the address of multicast group in which the host wants to join,
detecting whether to accept the host joining in the multicast group based on the configuration of
privilege;

responding with an acceptance message to the multicast router if the host has 
suitable privilege, otherwise returning a reject message; 

wherein the multicast router in the system further for, after receiving an IGMP 
Membership Report message from the Ethernet switch, according to the vlan ID in the message, 
searching the corresponding User ID in a multicast access privilege table of the multicast router, 
and then sending the said extended RADIUS authentication message, to the authentication 



after receiving the acceptance message from the authentication server, writing the 
address of the multicast group in which the host can join into the said multicast access privilege 
table, and implementing a routine disposal on join messages of the host, then generating a Join 
message, which comprises the vlan ID corresponding to the port that links with the host which 
wants to join in the multicast group, the address of the multicast group that is applied for, and a
Join command field, and then transmitting to the Ethernet switch; moreover, completing a 
routine processing of creating multicast forwarding tree on the IGMP Membership Report 
message; doing nothing after receiving the reject message; 

the Ethernet switch for, forwarding the IGMP Membership Report message from 
the host, wherein the IGMP Membership Report message forwarded to the multicast router port 
carries with the vlan ID of the host; 

after receiving the Join message from the multicast router, searching the MAC 
address corresponding to the address of the multicast group in the forwarding table; if the entry 
corresponding with the MAC address is found, obtaining the port number of the host via 
searching in the forwarding table with the vlan ID in the Join message, and then adding the port 
number into the said entry; if nothing is found, adding an entry in the forwarding table, which 
comprises the MAC address corresponding to the multicast address, the port number of the host 
which applies to join in the multicast group, and the port number of the multicast router 
connected with the Ethernet switch; 

after receiving a multicast flow from the multicast router, forwarding it to ports of 
the Ethernet switch with the current forwarding table. 

2. (Previously Presented) The controlled multicast system according to claim 1, wherein a 
RADIUS+ protocol extended from a RADIUS (Remote Authentication Dial In User Service)
protocol is adopted as communication protocol between the multicast router and the
authentication server.

3. (Previously Presented) The controlled multicast system according to claim 1, wherein
the authentication server is an AAA (Authorization And Authentication) server. 

4. (Canceled) 

5. (Previously Presented) The controlled multicast system according to claim 1, wherein: 
the multicast router in the system is further configured for: 

after receiving an IGMP Leave message: 
extracting the vlan ID from the message, and 

obtaining corresponding entry in the multicast access privilege table via searching with 
the vlan ID, 

then deleting the address of the multicast group indicated by the IGMP Leave message in 
the entry; 

after completing a routine disposal on leave messages of the host, generating a Leave 
message and sending to the Ethernet switch, which includes the vlan ID of the host which wants 
to leave the multicast group, the address of multicast group where the host wants to leave and a 
Leave command field; and 

the Ethernet switch further configured for:

after receiving the Leave message from the multicast router, obtaining the entry 
through looking up the forwarding table with the MAC address corresponding to the multicast 
address of the multicast group, and 

getting the port number of the host with the vlan ID in the Leave message, and 
then deleting the said port number from the said entry. 

6. (Previously Presented) The controlled multicast system according to claim 1, wherein
the multicast router in the system is further configured for:

after knowing offline status of the host, actively generating the Leave message and 
sending to the Ethernet switch; and 

terminating the multicast flow transmission. 

7. (Currently Amended) A method for implementing a controlled multicast, comprising: 

A. in advance, according to ports of an Ethernet switch, classifying vlan with one vlan 
for each port, and linking one port to one host; 

making access authentication for a host which wants to join in a multicast group, if the 
authentication is successful, executing step B, otherwise ending; 

B. forwarding an IGMP Membership Report message from the host by the Ethernet
switch;

C. detecting whether to accept the host joining in the multicast group, if it is, generating
a Join message to control establishing of an entry in a forwarding table of the Ethernet switch by
a multicast router, and forwarding a multicast flow from the multicast router according to the
current forwarding table by the Ethernet switch; otherwise ending; wherein step A. the said step
of making access authentication for a host which wants to join in the multicast group comprises:

in advance, storing configuration of privilege for hosts which want to join in the 
multicast group in an authentication server that connects with the multicast router, wherein the 
configuration of privilege includes a corresponding relation between a User ID of the host and an
address of multicast group in which the host wants to join;

inputting information including the User ID and a password through an interface
provided by a portal server, and authenticating identification of the host with the information by
the authentication server;

recording the User ID of the host and a corresponding vlan ID of the host in a multicast
access privilege table by the multicast router after the authentication is successful;

wherein the step B further comprises, if the port corresponding to the destination MAC
address in the IGMP Membership Report message is found in the forwarding table, forwarding
to the found port, otherwise forwarding to all the ports; wherein the IGMP Membership Report
message forwarded to the multicast router port carries with vlan ID of the host;

wherein the step C further comprises:

C1. after multicast router receives the IGMP Membership Report message,
searching the User ID of the host in the multicast access privilege table based on the vlan ID in 
the IGMP Membership Report message; then sending an extended RADIUS authentication 
message which includes the User ID just found as the user name and the address of multicast 
group in which the host wants to join as the attribute, to the authentication server; detecting 
whether to accept the host joining in the multicast group by the authentication server according 
to the configuration of privilege; 

if the host has suitable privilege, responding with an acceptance message to the 
multicast router by the authentication server, and then executing step C2, otherwise returning a
reject message; the multicast router does nothing and ends after receiving the reject message; 

C2. after the multicast router receives the acceptance message, writing the address 
of the multicast group in which the host can join into the said multicast access privilege table, 
and implementing a routine disposal on join messages of the host, then generating a Join 
message, which comprises the vlan ID corresponding to the port that links with the host which 
wants to join in the multicast group, the address of the multicast group that is applied for, and a 
Join command field, and then transmitting to the Ethernet switch; moreover, completing a
routine processing of creating multicast forwarding tree on the IGMP Membership Report 
message; 

C3. searching the MAC address corresponding to the address of the multicast 
group in the forwarding table by the Ethernet switch; if the entry corresponding with the MAC 
address is found, obtaining the port number of the host via the vlan ID in the Join message, and 
then adding the port number into the said entry; if nothing is found, adding an entry in the 
forwarding table, which comprises the MAC address corresponding to the multicast address, the 
port number of the host which applies to join in the multicast group, and the port number of the 
multicast router connected with the Ethernet switch; 

C4. sending only one copy of the multicast flow to the Ethernet switch by the 
multicast router. 

8. (Previously Presented) The method for implementing a controlled multicast according to 
Claim 7, for the host which wants to leave the multicast group, the method further comprising:

forwarding an IGMP Leave message from the host by the Ethernet switch; and
generating a Leave message to control deleting the entry of the host in the forwarding
table after the multicast router receives the IGMP Leave message.

9. (Previously Presented) The method for implementing a controlled multicast according to
Claim 7, further comprising:

actively generating the Leave message to control deleting the entry of the host in the 
forwarding table by the multicast router once knowing offline status of the host; 



HW0210031US 



and 

terminating the multicast flow transmission. 

10. (Canceled) 

11. (Previously Presented) The method for implementing a controlled multicast according to
Claim 8, wherein:

the step of forwarding an IGMP Leave message from the host further comprises
forwarding the IGMP Leave message from the host based on the current forwarding table;

the IGMP Leave message forwarded to the multicast router carries with the vlan ID of the
host;

the step of generating a Leave message to control deleting the entry of the host in the
forwarding table further comprises:

after the multicast router receives the IGMP Leave message, extracting the vlan ID from
the message, and obtaining corresponding entry via searching in the multicast access privilege 
table with the vlan ID, then deleting the address of the multicast group indicated by the IGMP 
Leave message in the entry of the multicast access privilege table; 

completing a routine disposal on leave messages of the host, and then generating a Leave 
message and sending to the Ethernet switch, which includes the vlan ID of the host which wants 
to leave group, the address of multicast group where the host wants to leave and a Leave 
command field; and 

after the Ethernet switch receives the Leave message, obtaining the entry through looking 
up the forwarding table with the MAC address corresponding to the multicast address of the 
multicast group, and getting the port number of the host with the vlan ID in the Leave message,
and then deleting the said port number from the said entry. 

12. (Previously Presented) The method for implementing a controlled multicast according to 
Claim 11, the step of generating a Leave message to control deleting the entry of the host in the
forwarding table further comprises: if the deleted port is the solely port of the said entry in the
forwarding table, further deleting the whole entry.

13. (Previously Presented) The method for implementing a controlled multicast according to
Claim 7, further comprising:

during the messages forwarding, adopting a vlan protocol between the multicast router 
port and the Ethernet switch. 

14. (Previously Presented) The method for implementing a controlled multicast according to 
Claim 7, the method further comprises: 

filtering data messages send by a multicast sender with a multicast Access Control List 
(ACL) through the first receiver among the multicast routers; and forwarding the data messages
that satisfy the requirements in the ACL to the multicast tree.

15. (Previously Presented) The method for implementing a controlled multicast according to
Claim 14, wherein the multicast ACL comprises a command word, a source address and a group
address.

16. (Previously Presented) The method for implementing a controlled multicast according to
Claim 14, wherein:

the multicast ACL is distributed to each multicast router by a centralized multicast
service control server; and 

the multicast service control server acts as the authentication server. 

17. (Previously Presented) The method for implementing a controlled multicast according to 
Claim 14, wherein the multicast ACL can also be distributed by a centralized policy server or a 
network manager. 



18. (Canceled) 
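
Illustrative sketch (an added example, not part of the claims as filed): a minimal Python model of the join and leave handling recited in claims 1, 5, 7 and 12, showing how the router's multicast access privilege table gates the switch's forwarding table. The class and function names, the tuple form of the Join/Leave command, the sample users and ports, and the reading of claim 12 as "no host port remains in the entry" are assumptions; the RADIUS exchange is replaced by a dictionary lookup and the password check is not modeled.

```python
import ipaddress

# Constructed sample data: privilege configuration held by the authentication
# server (User ID -> multicast group addresses the user may join).
PRIVILEGES = {"alice": {"239.1.1.1"}, "bob": set()}

def group_mac(group):
    # Standard IPv4 multicast-to-MAC mapping: 01:00:5e plus the low 23 bits.
    low = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low >> 16, (low >> 8) & 0xFF, low & 0xFF)

class Router:
    def __init__(self):
        self.table = {}  # multicast access privilege table, keyed by vlan ID

    def authenticated(self, user, vlan):
        # Recorded once the portal login has succeeded.
        self.table[vlan] = {"user": user, "groups": set()}

    def on_report(self, vlan, group):
        entry = self.table.get(vlan)
        if entry is None:
            return None  # assumption: no authenticated user on this vlan, no Join
        # Stand-in for the extended RADIUS request (user name + group attribute).
        if group not in PRIVILEGES.get(entry["user"], set()):
            return None  # reject message: the router does nothing
        entry["groups"].add(group)
        return ("JOIN", vlan, group)

    def on_leave(self, vlan, group):
        self.table[vlan]["groups"].discard(group)
        return ("LEAVE", vlan, group)

class Switch:
    def __init__(self, vlan_port, router_port):
        self.vlan_port, self.router_port = vlan_port, router_port
        self.fdb = {}  # forwarding table: group MAC -> set of port numbers

    def apply(self, cmd):
        if cmd is None:
            return
        op, vlan, group = cmd
        mac, port = group_mac(group), self.vlan_port[vlan]
        if op == "JOIN":  # a new entry also carries the router port
            self.fdb.setdefault(mac, {self.router_port}).add(port)
        else:
            ports = self.fdb.get(mac, set())
            ports.discard(port)
            if ports <= {self.router_port}:  # last host port gone: drop the entry
                self.fdb.pop(mac, None)
```

Because the switch changes its forwarding table only on router commands, a Membership Report from a vlan with no authenticated user or no privilege for the group leaves the table untouched.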